On Thursday 16 October 2008 22:35:36 Dale Schuster wrote:
"Carlos E. R." wrote on 10/15/2008 02:33:16 PM:
Anyway, your script is now working well, thank you, Carlos, but it won't read in the passphrase for unencrypting the hard-drive that boots immediately after the usb stick. I think I need to study the cryptsetup docs.
I'm glad that it works.
About reading the passphrase, I don't know, my setup is different. The script simply mounts the stick, you will have to tell the crypto parts to use it somehow; I can't help you there, sorry.
I'm coming into the thread a bit late, but it seems to me that you can solve this problem by encrypting the volume with a key. Save that key to the USB drive and point to it during the mounting process. You can then choose to protect the key with a "biologically stored" passphrase, or have no passphrase on the key itself.
Yes, that's right. I've created the key on the USB drive. LUKS allows encrypted partitions to have more than one passphrase. So, in my case, my encrypted /home partition requires me to type in a passphrase before it can be mounted. I have added a second passphrase which resides in a file on the USB drive. The problem I have is getting the USB drive mounted before /home, so that the encryption software can find a valid passphrase there, rather than requiring me to type one in. I have posed my question on the (low traffic) dm-crypt mailing list where I am getting some help, but have not completely solved my problem.
This is essentially what the Security vendors do with USB Smart Cards, etc. It seems to me the only difference is that you're storing the key on a filesystem instead of a "smart card". This shouldn't be too hard to get going since you already have the USB Filesystem side of things working.
I hope I didn't just misunderstand what you're trying to accomplish.
You didn't :)
~Dale
Bob
--
Registered Linux User #463880 FSFE Member #1300
GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E
openSUSE 11.0, Kernel 2.6.25.11-0.1-default, KDE 4.1.1
Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
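
The key-file-first, typed-passphrase-second sequence discussed in this thread, as an added example that is not from any of the posters and not openSUSE's own boot code. The stick label, mount point, key file name, LUKS partition and mapping name are all assumptions, and the key file is assumed to be already enrolled in a second LUKS key slot; how the script is hooked into the boot sequence before /home is mounted is left open, as in the thread.

```shell
#!/bin/sh
# Added example: every device name and path below is an assumption.
KEY_DEV="${KEY_DEV:-/dev/disk/by-label/KEYSTICK}"  # USB stick partition (assumed label)
KEY_MNT="${KEY_MNT:-/mnt/keystick}"                # temporary mount point
KEY_FILE="${KEY_FILE:-home.key}"                   # key file, already added with luksAddKey
KEY_WAIT="${KEY_WAIT:-10}"                         # seconds to wait for the stick
LUKS_DEV="${LUKS_DEV:-/dev/sda3}"                  # encrypted /home partition (assumed)
MAP_NAME="${MAP_NAME:-cr_home}"                    # device-mapper name (assumed)

# Wait up to $2 seconds for path $1 to appear; USB enumeration can lag at boot.
wait_for_path() {
    tries=0
    while [ ! -e "$1" ]; do
        [ "$tries" -ge "$2" ] && return 1
        sleep 1
        tries=$((tries + 1))
    done
    return 0
}

# Try the key file on the stick. Non-zero if the stick or file is missing,
# or if cryptsetup rejects the key.
unlock_with_stick() {
    wait_for_path "$KEY_DEV" "$KEY_WAIT" || return 1
    mkdir -p "$KEY_MNT"
    mount -o ro "$KEY_DEV" "$KEY_MNT" || return 1
    rc=1
    if [ -r "$KEY_MNT/$KEY_FILE" ]; then
        cryptsetup luksOpen "$LUKS_DEV" "$MAP_NAME" --key-file "$KEY_MNT/$KEY_FILE"
        rc=$?
    fi
    umount "$KEY_MNT"   # the key should not stay mounted once the volume is open
    return "$rc"
}

# Key file first, interactive passphrase as fallback, then mount /home.
open_home() {
    if ! unlock_with_stick; then
        echo "key stick unavailable, asking for passphrase" >&2
        cryptsetup luksOpen "$LUKS_DEV" "$MAP_NAME" || return 1
    fi
    mount "/dev/mapper/$MAP_NAME" /home
}

# Act only when invoked with "start" (needs root and must run before /home is mounted).
if [ "${1:-}" = "start" ]; then
    open_home
fi
```

Because the typed passphrase stays in its own key slot, losing the stick does not lock the volume, and the stick's slot can be revoked separately.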